about blank



#1 vidyaraj


Posted 11 January 2005 - 04:06 AM

Dear Sirs

When I connect to the internet, my home page opens with "about blank", and the main page is like "Search...". I change the home page to Google, but it comes again; when I open the Yahoo web page, there is no address in the address column. Herewith I am attaching my HijackThis scan list. Please help me to rectify this. Thank you very much.
rajesh..

Logfile of HijackThis v1.98.2
Scan saved at 5:37:31 PM, on 11/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\APPLICATION DATA\PAEC.EXE
C:\WINDOWS\SYSTEM\SYSTEMP.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9052E80F-6F7B-4C65-9B6A-16DB99097CE5} - C:\WINDOWS\SYSTEM\BHCL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [DOGStart] C:\WINDOWS\SYSTEM\GSDOGST.EXE
O4 - HKLM\..\RunServices: [MHDOGStart] C:\WINDOWS\SYSTEM\mhdogst.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - HKCU\..\Run: [Uhrw] C:\WINDOWS\Application Data\paec.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Corel Network monitor worker - {3C4F8368-ECA2-495E-8E53-28D8E1E45B28} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3C4F8368-ECA2-495E-8E53-28D8E1E45B28} - (no file)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Corel Network monitor worker - {3C4F8368-ECA2-495E-8E53-28D8E1E45B28} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3C4F8368-ECA2-495E-8E53-28D8E1E45B28} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O18 - Filter: text/html - {D1687031-316A-4412-B56C-C547CCC1E83F} - C:\WINDOWS\SYSTEM\BHCL.DLL
O18 - Filter: text/plain - {D1687031-316A-4412-B56C-C547CCC1E83F} - C:\WINDOWS\SYSTEM\BHCL.DLL
O21 - SSODL: systemp - {CBFD32C7-6738-49C9-B076-F3AE1B90C482} - systemp.dll (file missing)


 


#2 Buckeye_Sam


    Malware Expert



Posted 11 January 2005 - 01:40 PM

Please download CWShredder.
http://cwshredder.net/bin/CWSInstall.exe

Don't run it yet. We will get to that in a minute.

Download the FxAgentB.exe file from: http://securityresponse.symantec.com/avcenter/FxAgentB.exe

Double click FxAgentB.exe to run the tool. Reboot when it's done and run it again.


Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysingtel.com.sg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {9052E80F-6F7B-4C65-9B6A-16DB99097CE5} - C:\WINDOWS\SYSTEM\BHCL.DLL
O4 - HKLM\..\RunServices: [DOGStart] C:\WINDOWS\SYSTEM\GSDOGST.EXE
O4 - HKLM\..\RunServices: [MHDOGStart] C:\WINDOWS\SYSTEM\mhdogst.EXE
O4 - HKCU\..\Run: [Uhrw] C:\WINDOWS\Application Data\paec.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Corel Network monitor worker - {3C4F8368-ECA2-495E-8E53-28D8E1E45B28} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3C4F8368-ECA2-495E-8E53-28D8E1E45B28} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {3C4F8368-ECA2-495E-8E53-28D8E1E45B28} - (no file) (HKCU)
O18 - Filter: text/html - {D1687031-316A-4412-B56C-C547CCC1E83F} - C:\WINDOWS\SYSTEM\BHCL.DLL
O18 - Filter: text/plain - {D1687031-316A-4412-B56C-C547CCC1E83F} - C:\WINDOWS\SYSTEM\BHCL.DLL
O21 - SSODL: systemp - {CBFD32C7-6738-49C9-B076-F3AE1B90C482} - systemp.dll (file missing)


Reboot your computer into Safe Mode


Open CWShredder, click "Fix" and let it run.


Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\SYSTEM\GSDOGST.EXE
C:\WINDOWS\SYSTEM\mhdogst.EXE
C:\WINDOWS\Application Data\paec.exe
C:\WINDOWS\SYSTEM\BHCL.DLL
systemp.dll


Reboot your computer to go back to normal mode.


Please run at least one of these two online scans.
Make sure they are set to clean automatically:

http://housecall.trendmicro.com/

http://www.pandasoftware.com/activescan/co...n_principal.htm

If there are files that can not be removed by the scans please include that information in your next post.


Please reboot once again and post a new hijackthis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
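Added example, not part of the original posts: a check a responder can run before deleting a file named in a fix list, confirming that every HijackThis entry loading that file is also in the list (here BHCL.DLL is loaded both as an O2 BHO and as O18 filters). The function names, the regexes and the deliberately incomplete fix list are constructed for illustration; the log lines are copied from the thread.

```python
import re

ENTRY = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")   # section code, rest of the entry
# First drive-letter path ending in a loadable file extension.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx)\b", re.IGNORECASE)

# Lines copied from the log posted in this thread.
LOG = r"""
Running processes:
C:\WINDOWS\SYSTEM\SYSTEMP.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9052E80F-6F7B-4C65-9B6A-16DB99097CE5} - C:\WINDOWS\SYSTEM\BHCL.DLL
O4 - HKCU\..\Run: [Uhrw] C:\WINDOWS\Application Data\paec.exe
O18 - Filter: text/html - {D1687031-316A-4412-B56C-C547CCC1E83F} - C:\WINDOWS\SYSTEM\BHCL.DLL
O18 - Filter: text/plain - {D1687031-316A-4412-B56C-C547CCC1E83F} - C:\WINDOWS\SYSTEM\BHCL.DLL
"""

# Constructed for the example: a fix list with the text/plain filter left out.
PARTIAL_FIX = r"""
O2 - BHO: (no name) - {9052E80F-6F7B-4C65-9B6A-16DB99097CE5} - C:\WINDOWS\SYSTEM\BHCL.DLL
O4 - HKCU\..\Run: [Uhrw] C:\WINDOWS\Application Data\paec.exe
O18 - Filter: text/html - {D1687031-316A-4412-B56C-C547CCC1E83F} - C:\WINDOWS\SYSTEM\BHCL.DLL
"""

def parse(log_text):
    """Return (section, line, lowercased file path or None) for each entry."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process and blank lines are not entries
        p = PATH.search(m.group(2))
        entries.append((m.group(1), line, p.group(0).lower() if p else None))
    return entries

def leftover_hooks(full_log, fix_list):
    """Entries missing from the fix list that load a file a fixed entry loads."""
    fixed = parse(fix_list)
    fixed_lines = {line for _, line, _ in fixed}
    fixed_files = {path for _, _, path in fixed if path}
    return [(sec, path) for sec, line, path in parse(full_log)
            if path in fixed_files and line not in fixed_lines]

if __name__ == "__main__":
    for section, path in leftover_hooks(LOG, PARTIAL_FIX):
        print(f"{section} entry still references {path}")
```

An empty result means no remaining entry in the log points at a file the fix list is about to orphan; entries without a full path, such as the O21 line in this thread, are not covered by the check.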

